OneLogin Hack Rocks More Than 2,000 Businesses

By Mona Bushnell, B2B Tech Writer June 2, 2017 08:57 am EST

MORE

Credit: Rosenthal/Shutterstock

OneLogin, an identity and access management company with more than 2,000 enterprise clients, has been hacked. The breach, which lasted just minutes, was a major blow for both OneLogin and their clients, and the fallout isn't over.

OneLogin's success was built on their single-sign in service and their ability to maintain sensitive information securely in their cloud. During the security breach, private information about users, apps, and various keys may have been obtained by the still unknown hackers. All we currently know is what OneLogin has announced on their company blog where they mention the breach, the data that may have been collected and the fact that the hacker or hackers may have figured out a way to decrypt data.

If you are a OneLogin customer you should have already received an email from the company, but if you didn't, you should do the following immediately:

Reset OneLogin directory passwords for every user.

Generate new API keys for all services.

Create new tokens for account logins.

There are several other steps you need to take to protect your company's data, and you can find them all detailed on the service's support site.

That's all the information we have on the hack right now. Law enforcement and third-party security experts are currently working with OneLogin to investigate the scope of the hack and identify the guilty parties involved.

Mona Bushnell

Mona Bushnell is a New York City-based Staff Writer for Tom’s IT Pro, Business.com and Business News Daily. She has a B.A. in Writing, Literature, and Publishing from Emerson College and has previously worked as an IT Technician, a Copywriter, a Software Administrator, a Scheduling Manager and an Editorial Writer. Mona began freelance writing full-time in 2014 and joined the Purch team in 2017.